debian-mirror-gitlab/doc/user/application_security/dast/checks/798.84.md

---
stage: Secure
group: Dynamic Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---

# Exposure of confidential secret or token npm access token

## Description

The response body contains content that matches the pattern of a npm access token.
Exposing this value could allow attackers to gain access to all resources granted by this token.

## Remediation

Review the response body content and remove any exposed values.

## Details

| ID | Aggregated | CWE | Type | Risk |
|:---|:--------|:--------|:--------|:--------|
| 798.84 | false | 798 | Passive | High |

## Links

- [CWE](https://cwe.mitre.org/data/definitions/798.html)
New upstream version 15.2.2+ds1 2022-08-13 15:12:31 +05:30			`---`
			`stage: Secure`
			`group: Dynamic Analysis`
			`info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments`
			`---`

			`# Exposure of confidential secret or token npm access token`

			`## Description`

			`The response body contains content that matches the pattern of a npm access token.`
			`Exposing this value could allow attackers to gain access to all resources granted by this token.`

			`## Remediation`

			`Review the response body content and remove any exposed values.`

			`## Details`

			`\| ID \| Aggregated \| CWE \| Type \| Risk \|`
			`\|:---\|:--------\|:--------\|:--------\|:--------\|`
			`\| 798.84 \| false \| 798 \| Passive \| High \|`

			`## Links`

			`- [CWE](https://cwe.mitre.org/data/definitions/798.html)`